package cn.jbooter.shiro.autoconfigure.filter.spring_session.authc;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import cn.jbooter.coms.constants.IBaseConstants;
import cn.jbooter.shiro.autoconfigure.util.ShiroUtil;


/**
 * spring-session的rest接口登陆认证拦截器
 * @author hejian
 *
 */
public class SSRestAuthenticationFilter extends AccessControlFilter {

	private static final Logger logger = LoggerFactory.getLogger(SSRestAuthenticationFilter.class);
	
	/**
	 * 是否允许访问,true:允许, false:不允许
	 */
	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws Exception {
		//1. 验证是否登陆
		Subject subject = super.getSubject(request, response);
		return subject.isAuthenticated();
	}

	/**
	 * 访问拒绝时是否继续处理；true:需要继续处理；false:中断流程
	 */
	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
		logger.debug("访问拒绝:认证失败:"+super.getPathWithinApplication(request));
		
		String failmsg = IBaseConstants.AUTHC_FAIL_MSG;
		ShiroUtil.writeLoginFail(failmsg, (HttpServletResponse)response);
		return false;
	}

}
